JSXtract 作者: Device1
JSXtract is a security research tool used to pull various type of data from JS files that exist within a selected tab.
1 位使用者1 位使用者
擴充套件後設資料
關於此擴充套件
This tool is a great way to get an initial look on what may exist within the application. You can use the tool to get some basic data such as urls, endpoints and parameters or get a good initial look of sinks, postmessages and then go deeper from there etc.
How it's used
- First the user should open dev tools and check which domains the JS files of the application are from i.e. netflix uses nflxext.com, in which case you'd place something like "nflx" into the whitelist input (this input is comma separated array i.e. nflx,netflix), which will then get all JS files from sources which include "nflx" in them. The whitelist was created to separate thirdparty JS from the applications JS files.
- Second you'd press start and a new tab called "results" opens up in your browser which allows you to see the data which we're found through various regex.
Results
- Urls
- Endpoints
- Parameters
- Sinks (various sinks with a bit of context)
- PostMessages (These also have a bit of context)
- Misc. (These are values of .get() & .set() with some context)
The regex used
Urls: > /https?:\/\/[a-zA-Z0-9.-_\/\${}:]+/g
Endpoints: > /(?<=[\"\'])\/[a-zA-Z0-9-._\/\${}:]{2,}/g
Parameters: > /(?<=\?)[a-zA-Z0-9-_]{2,}(?==)/g
Misc.: > /[()[]{}\w]{0,20}.[sg]et([\"\'][^\"\']+[\"\'][^)]*)/g
Sinks: > /document.(write(ln)([^)]+)|domain\s?=\s?[^;)]}]{1,300})|.(innerHTML|outerHTML|insertAdjacentHTML|onevent|srcdoc)\s?[=]\s?[^;]{1,300};|dangerouslySetInnerHTML[=:]\s?{?[^;}]{1,300}[;}]|location.(host|hostname|href|pathname|search|protocol)\s?=[^;]{1,300};|location.(assign(|replace()[^)]{1,300})|document.cookie\s?=\s?[^;]{1,300};|(eval(uate)?|execCommand|execScript)([^)]+)|.(href|src|action)\s?=\s?[^;]{1,300};|FileReader.(readAsArrayBuffer|readAsBinaryString|readAsDataURL|readAsText|readAsFile|root.getFile)([^)]{1,300})/g
PostMessages: > /postMessage(.{1,300});|addEventListener([\'\"]message[\'\"].{1,300});/g
Github
https://github.com/Antp1k/jsxtract/
How it's used
- First the user should open dev tools and check which domains the JS files of the application are from i.e. netflix uses nflxext.com, in which case you'd place something like "nflx" into the whitelist input (this input is comma separated array i.e. nflx,netflix), which will then get all JS files from sources which include "nflx" in them. The whitelist was created to separate thirdparty JS from the applications JS files.
- Second you'd press start and a new tab called "results" opens up in your browser which allows you to see the data which we're found through various regex.
Results
- Urls
- Endpoints
- Parameters
- Sinks (various sinks with a bit of context)
- PostMessages (These also have a bit of context)
- Misc. (These are values of .get() & .set() with some context)
The regex used
Urls: > /https?:\/\/[a-zA-Z0-9.-_\/\${}:]+/g
Endpoints: > /(?<=[\"\'])\/[a-zA-Z0-9-._\/\${}:]{2,}/g
Parameters: > /(?<=\?)[a-zA-Z0-9-_]{2,}(?==)/g
Misc.: > /[()[]{}\w]{0,20}.[sg]et([\"\'][^\"\']+[\"\'][^)]*)/g
Sinks: > /document.(write(ln)([^)]+)|domain\s?=\s?[^;)]}]{1,300})|.(innerHTML|outerHTML|insertAdjacentHTML|onevent|srcdoc)\s?[=]\s?[^;]{1,300};|dangerouslySetInnerHTML[=:]\s?{?[^;}]{1,300}[;}]|location.(host|hostname|href|pathname|search|protocol)\s?=[^;]{1,300};|location.(assign(|replace()[^)]{1,300})|document.cookie\s?=\s?[^;]{1,300};|(eval(uate)?|execCommand|execScript)([^)]+)|.(href|src|action)\s?=\s?[^;]{1,300};|FileReader.(readAsArrayBuffer|readAsBinaryString|readAsDataURL|readAsText|readAsFile|root.getFile)([^)]{1,300})/g
PostMessages: > /postMessage(.{1,300});|addEventListener([\'\"]message[\'\"].{1,300});/g
Github
https://github.com/Antp1k/jsxtract/
由 1 位評論者給出 0 分
權限與資料
更多資訊
- 版本
- 1.0
- 大小
- 10.96 KB
- 最近更新
- 10 個月前 (2025年5月4日)
- 相關分類
- 授權條款
- MIT License
- 版本紀錄
- 新增至收藏集